This is an automated email from the ASF dual-hosted git repository.
andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new e1e69b9 ZOOKEEPER-3238: Adding noreferrer to target blank link
e1e69b9 is described below
commit e1e69b986e6263c594042ab6288c5d6384babc6e
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Jan 31 14:18:06 2019 +0100
ZOOKEEPER-3238: Adding noreferrer to target blank link
In zookeeper-contrib-huebrowser, there is a link that uses target="_blank".
Best security practise is to also add rel="noopener noreferrer". See for
example: https://dev.to/ben/the-targetblank-vulnerability-by-example.
Note I did not test this as I do not use hue. However it is a fairly
trivial change.
Author: Colm O hEigeartaigh <[email protected]>
Reviewers: [email protected]
Closes #762 from coheigea/add_noreferrer
---
.../zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
b/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
index c74c202..07c91c3 100644
---
a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
+++
b/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
@@ -69,7 +69,7 @@ ${shared.header("ZooKeeper Browser > Tree > %s > %s" %
(cluster['nice_name'], pa
</table>
<br />
-<a target="_blank"
href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure";>Details
on stat information.</a>
+<a target="_blank" rel="noopener noreferrer"
href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure";>Details
on stat information.</a>
${shared.footer()}
